WinRAR.exe

WinRAR

Alexander Roshal

WinRAR provides the full RAR and ZIP file support, can decompress CAB, GZIP, ACE and other archive formats. The executable WinRAR.exe has been detected as malware by 8 anti-virus scanners. According to the AV engines that detect this, it is a detection for a file infected by members of the Win32/Ramnit malware family and may drop and load other malware. The file has been seen being downloaded from dc452.4shared.com.
Publisher:
Alexander Roshal

Product:
WinRAR

Description:
WinRAR archiver

Version:
3.93.0

MD5:
e2faddf8ab297d15b3a63078156af871

SHA-1:
5421e85158296ff707e043d38f85f45f51e3df6e

SHA-256:
1871cff33d9746bf2e62459a3f213330a480dd2bfb6493fd2462e4f62dd53021

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/25/2024 4:12:43 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:RmnDrp
160503-1

Dr.Web
Win32.Rmnet.8
9.0.1.05190

Emsisoft Anti-Malware
Win32.Ramnit.N
11.5.0.6191

ESET NOD32
Win32/Ramnit.H virus
8.0.319.0

F-Prot
W32/Ramnit.B!Generic
4.6.5.141

F-Secure
Win32.Ramnit.N
5.15.96

Microsoft Security Essentials
Threat.Undefined
1.223.2667.0

Norman
Win32.Ramnit.N
28.05.2016 15:32:18

File size:
1.1 MB (1,178,134 bytes)

Copyright:
Copyright © Alexander Roshal 1993-2010

Original file name:
WinRAR.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winrar.exe

File PE Metadata
Compilation timestamp:
3/15/2010 2:26:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:FKG+6WC0IBOw0DW/yvZnTQYuGJWcMMMMMMcuDmH:MovBOrRnTQYZMMMMMMu

Entry address:
0x141000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, A8, A6, 01, 20, 2B, 85, 0F, AE, 01, 20, 89, 85, 0B, AE, 01, 20, B0, 00, 86, 85, 40, B0, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 3B, AF, 01, 20, 00, 74, 33, 83, BD, 3F, AF, 01, 20, 00, 74, 2A, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3B, AF, 01, 20, 8B, 00, 89, 85, 78, AF, 01, 20, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3F, AF, 01, 20, 8B, 00, 89, 85, 7C, AF, 01, 20, EB, 61, 83, BD, 43, AF, 01, 20, 00, 74, 58, 8B, 85, 0B, AE, 01, 20, 2B, 85, 43, AF, 01, 20, FF, 30, 8D, 85...
 
[+]

Entropy:
6.7348

Packer / compiler:
ASPack v1.08.04

Code size:
703 KB (719,872 bytes)

Shell Open Command
Open type:
WinRAR

Command:
"C:\users\{user}\downloads\winrar.exe" "%1"


The file WinRAR.exe has been seen being distributed by the following URL.

Remove WinRAR.exe - Powered by Reason Core Security